With the shift to more remote working set in motion by the pandemic, the use of mobile devices for business purposes has grown — along with the associated security risks.
When employees use smartphones, tablets and laptops for business, the company’s security perimeter extends beyond the walls of the office and out into the world at large. This leaves the company more vulnerable to phishing, malware, ransomware and other cyberattacks.
Businesses need to take protective action.
Beware Mobile Banking Fraud
In conjunction with the significant increase in mobile banking since early 2020, the FBI has been warning organizations about fraud attacks on mobile devices.¹ App-based banking Trojans, malicious programs disguised as other apps, are among the techniques the FBI says criminals employ to exploit mobile banking users. Fraudsters also are creating fake banking apps that impersonate the real apps of major financial institutions in order to trick users into inadvertently handing over their login credentials, the agency warns.
Measures that can help businesses protect against mobile banking fraud include:
- Use dual control to approve transactions or administrative changes. When used properly for online payment and self-administrative services, dual control is one of the most effective fraud deterrents in a layered security approach.
- Enable two-factor or multi-factor authentication to protect devices and accounts from malicious compromise.
- Monitor online accounts and transactions regularly and have procedures in place for employees to contact your bank if they notice anything unusual.
- Sign up for fraud monitoring services such as ACH Block, Universal Payment Identification Code (UPIC), Safewire, and ACH and Check Positive Pay.
Establish Effective Security Policies
About 8 out of 10 respondents to a recent Verizon survey of businesses have seen remote working increase and expect the number of remote workers to remain higher than before lockdown. “The ‘new normal’ remains uncertain, but it’s a safe bet that more flexible working arrangements are going to be a part of it,” the report notes.²
With that in mind, Verizon urges businesses to establish a robust set of mobile device policies. Among other things, those policies should cover:
- Acceptable use, i.e., when, where and why employees can connect their mobile devices to the company’s network.
- Encryption. The policy could require users to encrypt data before they store it on their device. Encryption will render the data meaningless to anyone who does not have the key required to decrypt it, greatly reducing the risk of the data falling into the wrong hands if the device or media is stolen.
- Password security. Verizon suggests dictating that passwords be changed every 60 to 90 days, along with setting character length and combination requirements.
Talk to Your Employees
In the Verizon survey, over half of the companies that had experienced a mobile-related security breach attributed it, at least in part, to user behavior, such as falling for a phishing attack or installing unsanctioned apps. This suggests that employee engagement and commitment are critical elements of a successful approach to mobile device security. Employees must have a clear understanding of the threats posed and their ramifications for the business.
Here’s a strategy to consider: Hold a cybersecurity workshop to reinforce the dangers posed when using mobile devices. By engaging all employees in the fight against cyber threats and reviewing mobile device policies, you can better protect your company’s valuable data and resources, and the interests of your customers.
1 “Increased Use of Mobile Banking Apps Could Lead to Exploitation,” FBI Public Service Announcement, June 10, 2020. https://www.ic3.gov/Media/Y2020/PSA200610
2 Mobile Security Index 2021, research from Verizon. https://www.verizon.com/business/resources/reports/mobile-security-index/#report